Secure and httponly options on cookie.

Marin Jankovski 2012-09-26 16:02:31 +02:00
parent 8ec956421c
commit a58d311262

@ -1,6 +1,8 @@
# Be sure to restart your server when you modify this file. # Be sure to restart your server when you modify this file.
Gitlab::Application.config.session_store :cookie_store, key: '_gitlab_session' Gitlab::Application.config.session_store :cookie_store, key: '_gitlab_session',
secure: Gitlab::Application.config.force_ssl,
httponly: true
# Use the database for sessions instead of the cookie-based default, # Use the database for sessions instead of the cookie-based default,
# which shouldn't be used to store highly confidential information # which shouldn't be used to store highly confidential information
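
Review bot: On the added line `secure: Gitlab::Application.config.force_ssl,` the Secure flag is tied entirely to `force_ssl`, so an installation that is reached over HTTPS (for example behind a TLS-terminating proxy) but leaves `force_ssl` off will still issue `_gitlab_session` without the Secure attribute. Please add a comment above the `session_store` call that states this dependency, or derive the flag from a dedicated setting so HTTPS deployments get a Secure session cookie without having to enable `force_ssl`. If `force_ssl` can be unset, `!!Gitlab::Application.config.force_ssl` would make the boolean intent explicit.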